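OpenStack Deployment 10: Neutron Controller/Network Node Cluster

10. Neutron Controller/Network Node Cluster
neutron-server (port 9696, API): accepts and responds to external network management requests
neutron-linuxbridge-agent: creates the bridged network interfaces
neutron-dhcp-agent: assigns IP addresses
neutron-metadata-agent: works with nova-metadata-api to customize virtual machines
L3-agent: implements layer-3 networking with vxlan (network layer)
**Neutron Server:** exposes the OpenStack networking API, receives requests, and calls the Plugin to handle them.
**Plugin:** handles requests from Neutron Server, maintains the state of the OpenStack logical networks, and calls the Agent to handle requests.
**Agent:** handles requests from the Plugin and actually implements the network functions on the network provider.
**Network provider:** the virtual or physical network device that provides the network service, for example Linux Bridge, Open vSwitch, or any other physical switch that supports Neutron.
**Queue:** Neutron Server, the Plugin and the Agent communicate with and call each other through the message queue.
**Database:** stores the OpenStack network state, including Network, Subnet, Port, Router and so on.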

10.1 Create the neutron database (create it on any controller node; the data is synchronized automatically in the background)

[root@controller1:/root]# mysql -uroot -p"123456"
MariaDB [(none)]> CREATE DATABASE neutron;
Query OK, 1 row affected (0.009 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_szh';
Query OK, 0 rows affected (0.009 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_szh';
Query OK, 0 rows affected (0.011 sec)
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit
Bye

 

 

10.2 Create the neutron user, grant the role, and create the service entity

[root@controller1:/root]# source openrc 
[root@controller1:/root]# openstack user create --domain default --password=neutron_szh neutron
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | a80531c8a7534a30954246b1eefd74d1 |
| name | neutron |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
// Grant the admin role to the neutron user
[root@controller1:/root]# openstack role add --project service --user neutron admin
// The neutron service entity has type "network"
[root@controller1:/root]# openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | 78246c2a2efa4c95864a22630886bfa0 |
| name | neutron |
| type | network |
+-------------+----------------------------------+
[root@controller1:/root]# openstack service list
+----------------------------------+-----------+-----------+
| ID | Name | Type |
+----------------------------------+-----------+-----------+
| eac467e3e05f464e8fa2bec9237f2338 | nova | compute |
| d0311e554ec742069c267963d4c3acfa | glance | image |
| 5c44c9890e7744d8b322531192aa12db | keystone | identity |
| 78246c2a2efa4c95864a22630886bfa0 | neutron | network |
| 850824217408494daa58f31293918560 | placement | placement |
+----------------------------------+-----------+-----------+

 

 

10.3 Create neutron-api

// The neutron-api service type is network
[root@controller1:/root]# openstack endpoint create --region RegionOne network public http://VirtualIP:9997
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 670dfb6bb8ba4b0eb29cf5ce117fa7f7 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 78246c2a2efa4c95864a22630886bfa0 |
| service_name | neutron |
| service_type | network |
| url | http://VirtualIP:9997 |
+--------------+----------------------------------+
[root@controller1:/root]# openstack endpoint create --region RegionOne network internal http://VirtualIP:9997
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 2c6b3657b8bd431586934cc9dde33f84 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 78246c2a2efa4c95864a22630886bfa0 |
| service_name | neutron |
| service_type | network |
| url | http://VirtualIP:9997 |
+--------------+----------------------------------+
[root@controller1:/root]# openstack endpoint create --region RegionOne network admin http://VirtualIP:9997
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 5ff90d7cff57495d80338ef7299319d3 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 78246c2a2efa4c95864a22630886bfa0 |
| service_name | neutron |
| service_type | network |
| url | http://VirtualIP:9997 |
+--------------+----------------------------------+
[root@controller1:/root]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+----
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+--------------+---------+----
| 2c6b3657b8bd431586934cc9dde33f84 | RegionOne | neutron | network | True | internal | http://VirtualIP:9697 |
| 2e109052bb4a4affa30fe3b9e3e5fcc3 | RegionOne | keystone | identity | True | internal | http://VirtualIP:5001/v3/ |
| 3ae6c07e8c1844b3a21c3fc073cd3da9 | RegionOne | nova | compute | True | public | http://VirtualIP:9774/v2.1 |
| 40e4fa83731d4933afe694481b5e0464 | RegionOne | glance | image | True | admin | http://VirtualIP:9293 |
| 53be3d592dfa4060b46ca6a488067191 | RegionOne | placement | placement | True | admin | http://VirtualIP:9778 |
| 5ff90d7cff57495d80338ef7299319d3 | RegionOne | neutron | network | True | admin | http://VirtualIP:9997 |
| 670dfb6bb8ba4b0eb29cf5ce117fa7f7 | RegionOne | neutron | network | True | public | http://VirtualIP:9997 |
| 7bff1a44974a42a59e49eebffad550c0 | RegionOne | nova | compute | True | admin | http://VirtualIP:9774/v2.1 |
| 8ddb366df7e94af9af298b5f11774fb4 | RegionOne | keystone | identity | True | admin | http://VirtualIP:5001/v3/ |
| 9035afba42be4b4387571d02b16c168c | RegionOne | placement | placement | True | internal | http://VirtualIP:9778 |
| a592cb41c0bb424c9817633ed1946b45 | RegionOne | keystone | identity | True | public | http://VirtualIP:5001/v3/ |
| b0f71d34aedf41a9a8fb9d56313efb00 | RegionOne | nova | compute | True | internal | http://VirtualIP:9774/v2.1 |
| b7b0084313744b8a91a142b1221e0443 | RegionOne | glance | image | True | internal | http://VirtualIP:9293 |
| c2a1f308b3c04a448667967afb6016fe | RegionOne | placement | placement | True | public | http://VirtualIP:9778 |
| fdb2cdadfb7544abad1f216ca719f478 | RegionOne | glance | image | True | public | http://VirtualIP:9293 |
+----------------------------------+-----------+--------------+--------------+---------+----
Note: to undo a mistaken operation, the delete command is: # openstack endpoint delete ff76f2ea08914c98ad6e8fee3a789498

[root@controller1:/root]# openstack catalog list
+-----------+-----------+----------------------------------------+
| Name | Type | Endpoints |
+-----------+-----------+----------------------------------------+
| nova | compute | RegionOne |
| | | public: http://VirtualIP:9774/v2.1 |
| | | RegionOne |
| | | admin: http://VirtualIP:9774/v2.1 |
| | | RegionOne |
| | | internal: http://VirtualIP:9774/v2.1 |
| | | |
| glance | image | RegionOne |
| | | admin: http://VirtualIP:9293 |
| | | RegionOne |
| | | internal: http://VirtualIP:9293 |
| | | RegionOne |
| | | public: http://VirtualIP:9293 |
| | | |
| keystone | identity | RegionOne |
| | | internal: http://VirtualIP:5001/v3/ |
| | | RegionOne |
| | | admin: http://VirtualIP:5001/v3/ |
| | | RegionOne |
| | | public: http://VirtualIP:5001/v3/ |
| | | |
| neutron | network | RegionOne |
| | | internal: http://VirtualIP:9997 |
| | | RegionOne |
| | | admin: http://VirtualIP:9997 |
| | | RegionOne |
| | | public: http://VirtualIP:9997 |
| | | |
| placement | placement | RegionOne |
| | | admin: http://VirtualIP:9778 |
| | | RegionOne |
| | | internal: http://VirtualIP:9778 |
| | | RegionOne |
| | | public: http://VirtualIP:9778 |
| | | |
+-----------+-----------+----------------------------------------+

 

10.4 Deploy Neutron
10.4.1 Install the Neutron packages

[root@controller1:/root]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
[root@controller2:/root]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
[root@controller3:/root]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y

 

10.4.2 Configure neutron.conf

[root@controller1:/root]# cp -p /etc/neutron/neutron.conf{,.bak}
[root@controller2:/root]# cp -p /etc/neutron/neutron.conf{,.bak}
[root@controller3:/root]# cp -p /etc/neutron/neutron.conf{,.bak}
// Note the ownership of the neutron.conf file: root:neutron
// Configure neutron.conf
[root@controller1:/root]# vim /etc/neutron/neutron.conf
[DEFAULT]
#
bind_host = 192.168.110.121
auth_strategy = keystone
core_plugin = ml2
allow_overlapping_ips = true
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
service_plugins = router
transport_url = rabbit://openstack:adminopenstack@controller1:5672,openstack:adminopenstack@controller2:5672,openstack:adminopenstack@controller3:5672

[database]
connection = mysql+pymysql://neutron:NEUTRON_szh@VirtualIP:3307/neutron

[keystone_authtoken]
www_authenticate_uri = http://VirtualIP:5001/v3
auth_url = http://VirtualIP:5001/v3
memcache_servers=controller1:11211,controller2:11211,controller3:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = neutron_szh

[nova]
auth_url = http://VirtualIP:5001/v3
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova_szh

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

[root@controller2:/root]# vim /etc/neutron/neutron.conf
[DEFAULT]
#
bind_host = 192.168.110.122
auth_strategy = keystone
core_plugin = ml2
allow_overlapping_ips = true
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
service_plugins = router
transport_url = rabbit://openstack:adminopenstack@controller1:5672,openstack:adminopenstack@controller2:5672,openstack:adminopenstack@controller3:5672

[database]
connection = mysql+pymysql://neutron:NEUTRON_szh@VirtualIP:3307/neutron

[keystone_authtoken]
www_authenticate_uri = http://VirtualIP:5001/v3
auth_url = http://VirtualIP:5001/v3
memcache_servers=controller1:11211,controller2:11211,controller3:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = neutron_szh

[nova]
auth_url = http://VirtualIP:5001/v3
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova_szh

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

[root@controller3:/root]# vim /etc/neutron/neutron.conf
[DEFAULT]
#
bind_host = 192.168.110.123
auth_strategy = keystone
core_plugin = ml2
allow_overlapping_ips = true
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
service_plugins = router
transport_url = rabbit://openstack:adminopenstack@controller1:5672,openstack:adminopenstack@controller2:5672,openstack:adminopenstack@controller3:5672

[database]
connection = mysql+pymysql://neutron:NEUTRON_szh@VirtualIP:3307/neutron

[keystone_authtoken]
www_authenticate_uri = http://VirtualIP:5001/v3
auth_url = http://VirtualIP:5001/v3
memcache_servers=controller1:11211,controller2:11211,controller3:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = neutron_szh

[nova]
auth_url = http://VirtualIP:5001/v3
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova_szh

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

[root@controller$:/root]# egrep -v "^$|^#" /etc/neutron/neutron.conf

 

10.4.3 Configure ml2_conf.ini

[root@controller1:/root]# cp -p /etc/neutron/plugins/ml2/ml2_conf.ini{,.bak}
[root@controller2:/root]# cp -p /etc/neutron/plugins/ml2/ml2_conf.ini{,.bak}
[root@controller3:/root]# cp -p /etc/neutron/plugins/ml2/ml2_conf.ini{,.bak}

[root@controller2:/root]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security

[ml2_type_vxlan]
vni_ranges = 1:1000

[securitygroup]
enable_ipset = true

[root@controller1:/root]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security

[ml2_type_vxlan]
vni_ranges = 1:1000

[securitygroup]
enable_ipset = true

[root@controller3:/root]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security

[ml2_type_vxlan]
vni_ranges = 1:1000

[securitygroup]
enable_ipset = true

 

10.4.4 Configure linuxbridge_agent.ini

[root@controller1:/root]# cp -p /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}
[root@controller2:/root]# cp -p /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}
[root@controller3:/root]# cp -p /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}

[DEFAULT]
[agent]
[linux_bridge]
# Name of the external network interface
physical_interface_mappings = provider:ens160
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[vxlan]
enable_vxlan = True
# Management address, used for the vxlan tunnel; on each node, set that node's own management address
local_ip = 192.168.110.121
l2_population = True

 

10.4.5 Configure l3_agent.ini

l3_agent.ini configuration:
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
external_network_bridge =
# The part shown in blue configures network high-availability failover
ha_confs_path = $state_path/ha_confs
ha_vrrp_auth_type = PASS
ha_vrrp_auth_password = 
ha_vrrp_advert_int = 2
[AGENT]

 


10.4.6 Configure dhcp_agent.ini

dhcp_agent.ini is configured as follows:
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
external_network_bridge =
[AGENT]

 

10.4.7 Configure metadata_agent.ini

metadata_agent.ini is configured as follows:
[DEFAULT]
nova_metadata_ip = controller
metadata_proxy_shared_secret = METADATA_SECRET
[AGENT]

 

10.4.8 Configure nova.conf (on all controller nodes: controller1, controller2, controller3)

[root@controller$:/root]# vim /etc/nova/nova.conf
[neutron]
url = http://VirtualIP:9997
auth_url = http://VirtualIP:5001
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron_szh
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
//*Note: after this section, add the following under [default] (tunes high availability of the DHCP agent service)*//
agent_down_time = 30
report_interval=15
dhcp_agents_per_network = 3
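
The l3_agent.ini, metadata_agent.ini and nova.conf settings above still carry the `METADATA_SECRET` placeholder, an empty `ha_vrrp_auth_password` and `http://` auth URLs. The following check is an added example, not part of the original post; the function names `load`, `new_secret` and `audit` are hypothetical, and the embedded file contents are constructed copies of the settings shown in 10.4.5, 10.4.7 and 10.4.8.

```python
import configparser
import secrets

# Constructed copies of the settings shown in 10.4.5, 10.4.7 and 10.4.8.
L3_AGENT_INI = """[DEFAULT]
ha_vrrp_auth_type = PASS
ha_vrrp_auth_password =
ha_vrrp_advert_int = 2
"""
METADATA_AGENT_INI = """[DEFAULT]
nova_metadata_ip = controller
metadata_proxy_shared_secret = METADATA_SECRET
"""
NOVA_CONF = """[neutron]
url = http://VirtualIP:9997
auth_url = http://VirtualIP:5001
auth_type = password
username = neutron
password = neutron_szh
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
"""

PLACEHOLDERS = {"", "METADATA_SECRET"}  # values that must not reach production


def load(text):
    # Rename configparser's inherited default section so [DEFAULT] is read as
    # an ordinary section; disable interpolation so "$" and "%" stay literal.
    cp = configparser.ConfigParser(default_section="__unused__", interpolation=None)
    cp.read_string(text)
    return cp


def new_secret():
    """Random 256-bit value suitable for metadata_proxy_shared_secret."""
    return secrets.token_hex(32)


def audit(metadata_ini, nova_conf, l3_ini):
    """Return a list of findings for the three configuration texts."""
    meta, nova, l3 = load(metadata_ini), load(nova_conf), load(l3_ini)
    findings = []
    key = "metadata_proxy_shared_secret"
    agent_secret = meta.get("DEFAULT", key, fallback=None)
    nova_secret = nova.get("neutron", key, fallback=None)
    for name, value in (("metadata_agent.ini", agent_secret), ("nova.conf", nova_secret)):
        if value is None or value.strip() in PLACEHOLDERS:
            findings.append(f"{name}: {key} is unset or still a placeholder")
    if agent_secret != nova_secret:
        findings.append(f"{key} differs between nova.conf and metadata_agent.ini")
    auth_type = l3.get("DEFAULT", "ha_vrrp_auth_type", fallback="")
    if auth_type and not l3.get("DEFAULT", "ha_vrrp_auth_password", fallback="").strip():
        findings.append("l3_agent.ini: ha_vrrp_auth_type is set but ha_vrrp_auth_password is empty")
    for section in nova.sections():
        auth_url = nova.get(section, "auth_url", fallback="")
        if nova.has_option(section, "password") and auth_url.startswith("http://"):
            findings.append(f"nova.conf [{section}]: password is used against {auth_url} without TLS")
    return findings


if __name__ == "__main__":
    for finding in audit(METADATA_AGENT_INI, NOVA_CONF, L3_AGENT_INI):
        print(finding)
```

Generate one value with `new_secret()` and write the same value into metadata_agent.ini and the `[neutron]` section of nova.conf on every controller node.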

 

10.4.9 Create the symbolic link (on all controller nodes: controller1, controller2, controller3)

[root@controller$:/root]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

 

10.4.10 Sync the neutron database and verify

[root@controller3:/root]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
[root@controller2:/root]# mysql -u neutron -p"NEUTRON_szh" -e "use neutron;show tables;"

 

10.4.11 Restart the nova service and start the neutron services

[root@controller$:/root]#systemctl restart openstack-nova-api.service
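Once this completes, confirm again that all nova services are healthy.

All services are healthy.
Start the neutron services. It is best to start them one at a time and watch the logs for errors.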

[root@controller1 ~]# systemctl start neutron-server.service
[root@controller1 ~]# systemctl start neutron-linuxbridge-agent.service
[root@controller1 ~]# systemctl start neutron-dhcp-agent.service
[root@controller1 ~]# systemctl start neutron-metadata-agent.service
[root@controller1 ~]# systemctl start neutron-l3-agent.service

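All services started successfully and the logs show only info messages. Enable them at boot; the services set up earlier were all enabled at boot as well.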
[root@controller1 ~]# systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service neutron-l3-agent.service

 

10.4.12 Set up PCS resources (on any controller node)

// Add the resources neutron-server, neutron-linuxbridge-agent, neutron-l3-agent, neutron-dhcp-agent and neutron-metadata-agent
// Run on any controller node
pcs resource create neutron-server systemd:neutron-server --clone interleave=true
pcs resource create neutron-openvswitch-agent systemd:neutron-linuxbridge-agent --clone interleave=true
pcs resource create neutron-l3-agent systemd:neutron-l3-agent --clone interleave=true
pcs resource create neutron-dhcp-agent systemd:neutron-dhcp-agent --clone interleave=true
pcs resource create neutron-metadata-agent systemd:neutron-metadata-agent --clone interleave=true
// View the PCS resources
pcs resource

 

10.5 Deploy Neutron on the compute nodes
10.5.1 Install the openstack-neutron-linuxbridge service

[root@compute1:/root]# yum install openvswitch openstack-neutron-linuxbridge ebtables ipset -y
[root@compute2:/root]# yum install openvswitch openstack-neutron-linuxbridge ebtables ipset -y
[root@compute3:/root]# yum install openvswitch openstack-neutron-linuxbridge ebtables ipset -y

 

10.5.2 Configure neutron.conf

[root@compute1:/root]# cp -p /etc/neutron/neutron.conf{,.bak}
[root@compute2:/root]# cp -p /etc/neutron/neutron.conf{,.bak}
[root@compute3:/root]# cp -p /etc/neutron/neutron.conf{,.bak}

[root@compute3:/root]# vim /etc/neutron/neutron.conf
[DEFAULT]
auth_strategy = keystone
state_path = /var/lib/neutron
transport_url = rabbit://openstack:adminopenstack@controller1:5672,openstack:adminopenstack@controller2:5672,openstack:adminopenstack@controller3:5672
[keystone_authtoken]
www_authenticate_uri = http://VirtualIP:5001
auth_url = http://VirtualIP:5001
memcached_servers = controller1:11211,controller2:11211,controller3:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron_szh
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

[root@compute3:/root]# scp /etc/neutron/neutron.conf compute2:/etc/neutron/
[root@compute3:/root]# scp /etc/neutron/neutron.conf compute1:/etc/neutron/

 

10.5.3 Configure linuxbridge_agent.ini

[root@compute1 ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[DEFAULT]
[agent]
[linux_bridge]
physical_interface_mappings = provider:ens160
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[vxlan]
enable_vxlan = True
local_ip = 192.168.110.117
l2_population = True
[root@compute2 ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[DEFAULT]
[agent]
[linux_bridge]
physical_interface_mappings = provider:ens160
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[vxlan]
enable_vxlan = True
local_ip = 192.168.110.118
l2_population = True
[root@compute3 ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[DEFAULT]
[agent]
[linux_bridge]
physical_interface_mappings = provider:ens160
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[vxlan]
enable_vxlan = True
local_ip = 192.168.110.119
l2_population = True

 

10.5.4 Configure nova.conf

[root@compute1:/root]# vim /etc/nova/nova.conf
[neutron]
url = http://VirtualIP:9997
auth_url = http://VirtualIP:5001
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron_szh

[root@compute2:/root]# vim /etc/nova/nova.conf
[neutron]
url = http://VirtualIP:9997
auth_url = http://VirtualIP:5001
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron_szh

[root@compute3:/root]# vim /etc/nova/nova.conf
[neutron]
url = http://VirtualIP:9997
auth_url = http://VirtualIP:5001
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron_szh

 

10.5.5 Restart the nova service and start the neutron service

[root@compute1:/root]#systemctl restart openstack-nova-compute.service
[root@compute1:/root]#systemctl enable openvswitch neutron-linuxbridge-agent.service
[root@compute1:/root]#systemctl restart openvswitch neutron-linuxbridge-agent.service
[root@compute1:/root]#systemctl status openvswitch neutron-linuxbridge-agent.service
[root@compute2:/root]#systemctl restart openstack-nova-compute.service
[root@compute2:/root]#systemctl enable openvswitch neutron-linuxbridge-agent.service
[root@compute2:/root]#systemctl restart openvswitch neutron-linuxbridge-agent.service
[root@compute2:/root]#systemctl status openvswitch neutron-linuxbridge-agent.service
[root@compute3:/root]#systemctl restart openstack-nova-compute.service
[root@compute3:/root]#systemctl enable openvswitch neutron-linuxbridge-agent.service
[root@compute3:/root]#systemctl restart openvswitch neutron-linuxbridge-agent.service
[root@compute3:/root]#systemctl status openvswitch neutron-linuxbridge-agent.service

 

Verify the network service
Run on any controller node:

. admin-openrc
neutron ext-list
neutron agent-list

 

The network service is healthy; confirm the compute service again.

nova service-list

 

The compute service is healthy. Neutron has been configured successfully.

posted @ 2021-01-21 16:04  Tartarush